A remote user may be able to gain root access to an OpenAFS database
server or fileserver host. In addition, certain administrative clients
may be attacked if they make requests to a rogue server.

DETAIL

There is an integer overflow bug in the SUNRPC-derived RPC library
used by OpenAFS that could be exploited to crash certain OpenAFS
servers (volserver, vlserver, ptserver, buserver) or to obtain
unauthorized root access to a host running one of these processes.

In addition, it is possible for a rogue server to attack certain
administrative clients (vos, pts, backup, butc, rxstat), but only
if certain RPC requests are made to the rogue server.

The OpenAFS fileserver and cache manager (client) are not vulnerable
to these attacks. No exploits are presently known to be available
for this vulnerability.